
Anything and everything the app and its 30 social, ad, and analytics SDKs are able to capture and exfiltrate from the phone.

Maybe they won't upload the list of my installed apps (which can leak information like religion or medical issues), maybe they won't track my location through the entire hotel (or everywhere), maybe they won't snoop on my pictures... but maybe they also will, and I don't like maybe.

Almost certainly I'll have to agree to lengthy ToS that will then be used as justification to inundate me with spam.

The Android permission model is particularly messed up because it changes every few SDK target versions, so it's hard to build a mental model of what exactly you're allowing. Many apps that had a built-in photo-taking capability required storage access and wouldn't work without it. Any app using Bluetooth had to request and be granted location access (because Bluetooth could be used to track location... so any app acting as a key automatically also got to track you via GPS on top of that, and even if the app maker didn't want to they had to request the permission for Bluetooth to work).

I've seen too many companies pushing their apps aggressively and with massive rewards. They're clearly getting something out of it, and probably not something I want to give them. If you're very, very lucky, the main goal is only to make them more "sticky" (make it easier to use them over someone else next time), but that's the thing - I don't want past service providers to stick to me.



> Anything and everything the app and its 30 social, ad, and analytics SDKs are able to capture and exfiltrate from the phone.

I’m asking about iOS. If you have an Android device, using an operating system written by an ad tech company, the Hilton app is the last thing you should worry about.

Instead of being hand wavy, what exactly do you think an analytics SDK can “exfiltrate” from your phone outside of the app sandbox without your explicit permission?

> Maybe they won't upload the list of my installed apps (which can leak information like religion or medical issues),

Not possible with iOS. There was a loophole that Twitter used where they would try to send a message to another app. But Apple closed that a few versions ago.

> Almost certainly I'll have to agree to lengthy ToS that will then be used as justification to inundate me with spam

You mean the same TOS you have to sign when booking from their website? But I use the built-in “Hide My Email” feature on iOS and give each app/website that I don’t care about a separate email that gets forwarded to my main email address.

> The Android permission model is particularly messed up because it changes every few SDK target versions, so it's hard to build a mental model of what exactly you're allowing

“I care about my privacy yet I use an operating system with a poor permission model written by an adTech company”


And what if the app asks for access to your contacts? Would you grant it out of the convenience of the app, or would you deny it permission and ask for a card key?


No, you don’t have to. When you share it, it creates a message with a link and brings up a share sheet controlled by iOS. You can then send the message block with the link either via email, text, or any other relevant third party app that registers a share extension.

It is all done outside of the app's process. iOS sends the message on the app's behalf to the other app.

There is no option to share your contact with the app.



